Azure VNet to VNet VPN gateway

The VNet to VNet connection type is a way to connect VNets together. It is similar to creating a Site-to-Site IPsec connection to an on-premises location, in that it uses a VPN gateway to create a secure IPsec tunnel between VNets.

 

Steps to create a VNet to VNet connection type

  1. Create a Virtual Network
  2. Create a gateway subnet
  3. Create a virtual network gateway
  4. Create other end’s VNet, subnet and gateway
  5. Configure the gateway connections
  6. Verify connections

Create a Virtual Network

Information about creating a VNet can be found here

Create a gateway subnet

The gateway subnet contains the IP addresses that are used by the virtual network gateway. If possible, it’s best to create a gateway subnet by using a CIDR block of /28 or /27 to provide enough IP addresses to accommodate future additional configuration requirements.

  1. In the settings section of the Virtual Network, select subnet
  2. Click on Gateway subnet
  3. The name is automatically filled out as GatewaySubnet; adjust the IP address field as needed

Create a Virtual Network Gateway

  1. Click Create a resource, search for virtual network gateway, select Virtual network gateway from the list, and click Create.
  2. Fill out the required fields, selecting VPN for Gateway type and Route-based for VPN type. Set the Region to the same region as the VNet, and give the Public IP address a name.
  3. Click on Create. Creation can take about 45 minutes.

Create other end resources

Create the other VNet with subnet and Virtual Network Gateway
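
With both sides defined, the address plan can be checked offline before waiting on gateway creation. The following is an added example, not part of the original post: it checks the GatewaySubnet name, its placement and /28-or-larger size, and that each gateway's region matches its VNet. The VNet names, regions and prefixes are constructed sample values, and the cross-VNet overlap check reflects Azure's requirement for distinct address ranges, which the page does not state.

```python
from ipaddress import ip_network

# Constructed sample plan: VNet names, regions and prefixes are illustrative assumptions.
PLAN = {
    "vnet-a": {"region": "uksouth", "gateway_region": "uksouth",
               "address_space": ["10.1.0.0/16"],
               "subnets": {"workload": "10.1.0.0/24", "GatewaySubnet": "10.1.255.0/27"}},
    "vnet-b": {"region": "ukwest", "gateway_region": "ukwest",
               "address_space": ["10.2.0.0/16"],
               "subnets": {"workload": "10.2.0.0/24", "GatewaySubnet": "10.2.255.0/27"}},
}

def check_plan(plan):
    """Return a list of findings; an empty list means the plan passed every check."""
    findings, spaces = [], {}
    for name, vnet in plan.items():
        spaces[name] = [ip_network(p) for p in vnet["address_space"]]
        # The gateway is created in the same region as its VNet.
        if vnet["gateway_region"] != vnet["region"]:
            findings.append(f"{name}: gateway region differs from VNet region")
        subnets = {n: ip_network(p) for n, p in vnet["subnets"].items()}
        gw = subnets.get("GatewaySubnet")
        if gw is None:
            findings.append(f"{name}: no subnet named GatewaySubnet")
            continue
        if not any(gw.subnet_of(s) for s in spaces[name]):
            findings.append(f"{name}: GatewaySubnet {gw} is outside the VNet address space")
        # A longer prefix than /28 leaves fewer addresses than the page recommends.
        if gw.prefixlen > 28:
            findings.append(f"{name}: GatewaySubnet {gw} is smaller than /28")
        for other, net in subnets.items():
            if other != "GatewaySubnet" and gw.overlaps(net):
                findings.append(f"{name}: GatewaySubnet overlaps subnet {other}")
    # Assumption not stated on the page: connected VNets need distinct address ranges.
    names = sorted(spaces)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if any(x.overlaps(y) for x in spaces[a] for y in spaces[b]):
                findings.append(f"{a} and {b}: address spaces overlap")
    return findings

if __name__ == "__main__":
    for line in check_plan(PLAN) or ["plan OK"]:
        print(line)
```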

Configure Gateway connections

  1. Within the resource group, click on the Virtual network gateway and under settings select Connections. Click on Add and fill out the Add Connection blade selecting the other Gateway under Second virtual network gateway.
  2. Repeat on the other Gateway.

Verify the Connections

Once the above configurations have been done, the connections can be verified by going to Connection on the Virtual network gateway. They should show as Connected (this may take a few minutes to show).

Clicking on the connection will show the data in / out and as traffic is sent this will increase.
